Pipeline · Ironbank Containers / Confluent / Confluent Component Operator / cp-operator-service-0.419

Merge branch '0.419.10' into 'development'

Updated tar to later 0.419.10 reference

See merge request dsop/confluent/confluent-component-operator/cp-operator-service-5.5.x!10

19 jobs for development in 11 minutes and 9 seconds (queued for 12 minutes)

90a038da

Status	Job ID	Name
.Pre
passed	#2649475 ironbank	load scripts	00:00:14 Apr 08, 2021

Preflight
passed	#2649476 ironbank	folder structure	00:00:10 Apr 08, 2021
passed	#2649477 ironbank	hardening_manifest	00:00:12 Apr 08, 2021

Lint
passed	#2649478 ironbank	wl compare lint	00:00:11 Apr 08, 2021

Finding Compare
failed	#2649479 ironbank allowed to fail	vat compare	00:00:08 Apr 08, 2021

Import Artifacts
passed	#2649480 ironbank	import artifacts	00:00:11 Apr 08, 2021

Scan Artifacts
passed	#2649481 ironbank	clamav scan	00:00:34 Apr 08, 2021

Build
passed	#2649482 ironbank-isolated	build	00:01:45 Apr 08, 2021

Scanning
passed	#2649486 ironbank	anchore scan	00:02:10 Apr 08, 2021
passed	#2649483 ironbank	openscap compliance	00:01:03 Apr 08, 2021
passed	#2649484 ironbank	openscap cve	00:04:08 Apr 08, 2021
passed	#2649485 ironbank	twistlock scan	00:00:35 Apr 08, 2021

Csv Output
passed	#2649487 ironbank	csv output	00:00:51 Apr 08, 2021

Check Cves
passed	#2649488 ironbank	check cves	00:00:16 Apr 08, 2021

Documentation
passed	#2649489 ironbank	sign image	00:00:38 Apr 08, 2021
passed	#2649490 ironbank	sign manifest	00:00:21 Apr 08, 2021
passed	#2649491 ironbank	write json documentation	00:00:21 Apr 08, 2021

S3 Publish
passed	#2649492 ironbank	upload to s3	00:01:47 Apr 08, 2021

Vat
passed	#2649493 ironbank	vat	00:00:08 Apr 08, 2021

Name Stage Failure

	Name	Stage	Failure
failed	vat compare	Finding Compare
	('CVE-2021-20305', 'twistlock_cve', 'A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.', 'nettle-3.4.1-2.el8', None) ('CVE-2021-22876', 'twistlock_cve', 'curl 7.1.1 to and including 7.75.0 is vulnerable to an \\"Exposure of Private Personal Information to an Unauthorized Actor\\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.', 'curl-7.61.1-14.el8_3.1', None) ('CVE-2020-13776', 'twistlock_cve', 'systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.', 'systemd-239-41.el8_3.2', None) Uploading artifacts for failed job Uploading artifacts... ci-artifacts/compare/: found 2 matching files and directories Uploading artifacts as "archive" to coordinator... ok id=2649479 responseStatus=201 Created token=xE9sibrs Cleaning up file based variables ERROR: Job failed: command terminated with exit code 4

failed

vat compare

Finding Compare

('CVE-2021-20305', 'twistlock_cve', 'A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.', 'nettle-3.4.1-2.el8', None)
('CVE-2021-22876', 'twistlock_cve', 'curl 7.1.1 to and including 7.75.0 is vulnerable to an \\"Exposure of Private Personal Information to an Unauthorized Actor\\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.', 'curl-7.61.1-14.el8_3.1', None)
('CVE-2020-13776', 'twistlock_cve', 'systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.', 'systemd-239-41.el8_3.2', None)
Uploading artifacts for failed job
Uploading artifacts...
ci-artifacts/compare/: found 2 matching files and directories 
Uploading artifacts as "archive" to coordinator... ok  id=2649479 responseStatus=201 Created token=xE9sibrs
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 4